Anomaly Detection in Blockchain Networks Using Unsupervised Learning: A Survey
Abstract
:1. Introduction
- (a)
- Summarization of typical blockchain anomalies.
- (b)
- Analysis of the data structures employed in the implementation of the unsupervised learning methodologies.
- (c)
- Categorization of a large number of research methods for blockchain anomaly detection into three categories based on the implementation strategies of the corresponding algorithms.
- (d)
- Presentation of the basic functional properties of the above-mentioned categories in terms of certain key characteristics.
- (e)
- Highlight several challenges and future directions.
2. Related Work
3. Blockchain Overview
3.1. Basic Characteristics of Blockchain
3.2. Transactions and Smart Contracts
3.3. Consensus Mechanisms
4. Anomalies and Anomaly Detection in Blockchain
4.1. Anomalies in Blockchain Networks
Anomaly | Description | Occurrence |
---|---|---|
Sybil Attacks | Creation of multiple fake identities or nodes to gain control over a significant portion of the network, often disrupting consensus and influencing transaction validation. | They have been observed in public or consortium blockchains, e.g., in consortium blockchain used by a group of financial institutions [94]. |
Phishing Attacks | Malicious attempts to deceive individuals into revealing sensitive information, such as passwords or financial details, by impersonating trustworthy entities through emails, websites, or messages. | They are prevalent across the cryptocurrency space, e.g., according to a report by CipherTrace, phishing attacks accounted for millions of dollars in losses in 2023 alone [95]. |
Ponzi Schemes | Fraudulent investment operations where early investors are paid with funds from later investors, creating an illusion of profitability until the scheme collapsed, and causing financial losses for participants. | They plagued the cryptocurrency industry (e.g., the BitConnect), causing billions of dollars in damage before collapsing in 2018 (their frequency has decreased, but they still are a threat to decentralized finance). |
Double-Spending Attacks | Attempts to spend the same digital asset more than once, exploiting the delay in transaction validation to deceive the network. | Although less common in established cryptocurrencies like Bitcoin, they can occur in smaller networks or lesser-known altcoins. |
Ransomwares | Encryption of victim’s data, rendering it inaccessible until a ransom is paid (it poses a significant threat to individuals and organizations, causing data loss or financial harm). | Their occurrence has increased, with cryptocurrencies often serving as the preferred method of payment due to their pseudonymous nature (it is expected to cost the global economy billions of dollars annually by 2025 [96]). |
DDoS Attacks | Attacks that overwhelm a network or website by flooding it with a massive volume of requests or traffic, causing service disruptions or rendering it inaccessible to legitimate users. | They are a constant threat to cryptocurrency exchanges and blockchain networks as they can disrupt services, causing financial losses, e.g., in 2023, several exchanges experienced DDoS attacks, leading to temporary outages. |
Eclipse Attacks | Isolation of a victim’s node by surrounding it with malicious nodes, controlling the victim’s network connections, and potentially manipulating or censoring their transactions. | They have occurred in various blockchain networks, including Ethereum. While not as common as other attacks, they constitute a concern for network security [90]. |
51% Attacks | A single entity or group controls over 50% of a blockchain network’s mining power, enabling it to manipulate transactions, potentially double-spend and disrupt the network’s integrity. | They have been witnessed in several smaller cryptocurrencies. The most notable example is the 51% attack on Ethereum Classic in 2019, resulting in millions of dollars in double-spending [97]. |
Selfish Mining Attacks | Secret mining on top of withholding blocks, gaining an unfair advantage over honest miners in the race to add blocks to the blockchain. | They are rarely observed in practice due to their complexity (however, they remain a topic of academic research and discussion in the cryptocurrency community [98]). |
Brute Force Attacks | Systematic combinations of all possible passwords or encryption keys until the correct one is discovered, typically through an exhaustive trial-and-error approach. | While successful, they are relatively rare due to the strength of modern encryption algorithms, but they can still occur, especially if users employ weak passwords. |
Finney Attacks | Special type of double-spending attacks, where an attacker pre-mines a valid transaction but keeps it private while mining a new block to confirm the pre-mined transaction, excluding it from the network | Rarely observed due to their intricate nature, but when occurred, they underscore the importance of robust network security measures [99]. |
Fork After Withholding Attacks | Successful mining of a new block without broadcasting it to the network (instead, the miner continues mining on top of the withheld block privately, aiming to gain an advantage over other miners by producing a longer chain). | They have occurred in smaller blockchain networks, where miners attempt to gain a competitive advantage by secretly mining blocks (while not as common as other attacks, they highlight the vulnerabilities inherent in proof-of-work consensus mechanisms). |
Deanonymization Attacks | Involve linking IP addresses with cryptocurrency wallets compromising user privacy and security | Although they have not been reported often, they have become increasingly sophisticated [100]. |
4.2. Anomaly Detection in Blockchain Networks
Techniques | Strengths | Weaknesses |
---|---|---|
Statistical Analysis | Simple and interpretable approach; utilizes statistical measures to establish normal behavior patterns | Limited in detecting anomalies that deviate significantly from statistical measures |
Machine Learning | Ability to learn from historical data and adapt to evolving anomalies; detection of complex and subtle anomalies | Complexity and computational overhead in training and deploying models; may generate false positives or false negatives if the anomaly patterns change over time |
Network Analysis | Can capture systemic anomalies and identify network-level attacks | Limited visibility into encrypted transactions and activities; complexity in analyzing large-scale networks. |
Heuristic-based | Utilizes expert knowledge and predefined indicators of suspicious activities | Limited to detecting known patterns and predefined indicators; may struggle to adapt to new and evolving types of anomalies |
Deep Learning | Ability to apprehend non-linear data association; effective detection of anomalies that manifest convoluted patterns | Need for significant corpus of meticulously annotated training data, particularly when it comes to detecting anomalies, which are frequently infrequent occurrences; time-intensive training |
- Statistical analysis: By harnessing the power of statistical measures, it strives to establish normal behavior patterns within a given dataset [35,105]. Through the meticulous analysis of data distributions, correlations, and probabilistic models, statistical inference methods provide insights into the expected behavior and help identify deviations that may indicate anomalous activities [104,105,106].
- Data mining: In the ever-evolving landscape of anomaly detection, data mining techniques emerge as powerful allies. Armed with the ability to learn from historical data, these methods adapt to changing environments and evolving anomalies [25]. Through the exploration of vast datasets, they attempt to reveal hidden patterns, correlations, and trends, enabling analysts to uncover deviations from expected behavior [28,104].
- Network analysis: When it comes to anomaly detection in interconnected systems, network analysis takes center stage. By delving into the intricate web of relationships and interactions, network analysis can capture systemic anomalies that span across multiple nodes or connections [105]. These methods leverage graph theory and network metrics to identify network-level attacks, such as coordinated efforts to disrupt communication or exploit vulnerabilities [107].
- Heuristic-based approaches: Drawing upon the wisdom of domain experts, heuristic-based approaches provide a valuable tool in the arsenal of anomaly detection [31]. These methods utilize expert knowledge and predefined indicators of suspicious activities to flag potential anomalies [23,26]. By leveraging human expertise and intuition, heuristic-based approaches can rapidly identify behaviors that deviate from established norms or violate predefined rules [79].
- Deep Learning: Deep learning models stand out for their remarkable ability to grasp intricate and non-linear associations within data [3]. These models excel at capturing complex patterns and fluctuations that may manifest convoluted relationships. By leveraging their non-linearity, deep learning models adeptly identify anomalies that may exhibit unusual patterns, previously unseen correlations, or subtle deviations from expected behavior [108,109,110].
5. Data Mining Techniques Employed in Blockchain Anomaly Detection
5.1. Categories of Unsupervised Learning Algorithms
- Graph-based methods: They are based on representing the blockchain transaction data in graph structures, where nodes represent entities (e.g., addresses, accounts), and edges represent transactions between these entities. Each node may have associated attributes such as transaction volume, frequency, etc. Then, they calculate similarities between nodes based on their behaviors and identify groups of similar nodes. Typical approaches falling in this category are the deepwalk [112], spectral clustering [113], and Louvain method [114].
- Density-based approaches: They attempt to quantify the density measure of data points in the feature space. Regarding blockchain anomaly detection, this is translated into determining the density of addresses, transactions, transaction volumes, frequency, and relations between users and addresses. Points with low densities are likely to be labeled as malicious and anomalous. Representative algorithms commonly used are the local outlier factor (LOF) [115], the DBSCAN [116], and HDBSCAN [117] algorithms.
- Probabilistic unsupervised learning algorithms: They are based on evaluating the underlying probability distributions of the data. They involve inherent modeling of latent variables, and they have been proven to be very effective in discovering hidden patterns in the data. Algorithms that are based on probabilistic modeling are the expectation maximization algorithm [37], the variational autoenconder [118], and the generative adversarial networks (GANs) [119].
Algorithm | Computational Complexity | Category | Algorithm | Computational Complexity | Category |
---|---|---|---|---|---|
k-Means [37] | Partitional | Agglomerative hierarchical clustering [37] | Partitional | ||
Isolation forest [120] | Tree-based | Local outlier factor [115] | Density-based | ||
DBSCAN [116] | Density-based | HDBSCAN [117] | Density-based | ||
Spectral clustering [113] | Graph-based | Louvain algorithm [114] | Graph-based | ||
t-SNE [121] | Dimensionality reduction | Birch [38] | Partitional | ||
Deepwalk [112] | Graph-based | Expectation maximization [37] | Probabilistic | ||
Affinity propagation [111] | Partitional | Variational autoencoder [118] | Probabilistic | ||
GANs [119] | Probabilistic | One-class SVM [41] | One-class classification |
- One-Class Classification: It performs anomaly detection by creating boundaries around normal data points in a high-dimensional space, which contains them in a defined region. Any data points that fall outside this boundary are identified as anomalies. The main representative of this category is the one-class support vectors machine (SVM) [41].
- Tree-Based methods: They represent the blockchain data in decision tree structures and perform a labeling process according to which nodes that are isolated from the majority of nodes are defined as malicious. The most used algorithm credited to this category is the isolation forest [120].
- Dimensionality reduction methods: They focus on transforming the available high-dimensional data points into low-dimensional points, preserving the relative distances between them. Low-dimensional representation provides several advantages such as convenient visualization and easy outlier detection. In general, they are applied as assistive tools to the above categories. Such kinds of algorithms are the well-known principal component analysis (PCA) (which is linear transformation) and the t-SNE (which is non-linear transformation) [121].
5.2. Perspectives on Supervised and Self-Supervised Approaches for Anomaly Detection
5.3. Evaluation Approaches
- Within cluster mean value of the sum of squares: It is defined as the average of the square distances between points belonging to a cluster and the respective cluster center. It reveals the compactness degree of the resulting clusters. Thus, it is a measure of the distortion of a cluster. Small values correspond to highly compact clusters.
- Silhouette score: It measures the similarity of a data point belonging to a specific cluster in relation to the rest of the clusters. It employs the criteria of compactness and separation. The compactness is based on estimating the average distance of the point to all other points belonging to the same cluster. On the other hand, the separation is defined as the smallest distance between the point and all points belonging to the rest of the clusters.
- Confusion matrix-based measures: They are the well-known measures coming from the resulting confusion matrices such as true positive rates (TPRs), false positive rates (FPRs), true negative rates (TNRs), precision, recall, and Fowlkes–Mallows index. They can be used when unsupervised learning is combined with supervised or self-supervised learning or there exists a portion of labeled data in the available dataset.
- Rand Index: The Rand index is a measure of similarity between two data clustering partitions of the same dataset. It considers the TPRs and TNRs and compares the agreement between the clustering results and the true class labels, making it suitable for evaluating clustering in the presence of ground truth labels. This measure can also be applied when unsupervised learning is combined with supervised or self-supervised learning or there exists a portion of labeled data in the available dataset.
- Outlier Detection Rate: It is defined as the number of detected anomalies divided by the number of total anomalies that exist in a dataset. In general, high values of this measure imply better performance of the algorithm.
- Optimal clustering: Usually, the clustering algorithms admit a predefined value for the number of clusters. Optimal clustering refers to the process of determining the optimal number of clusters in terms of compactness and separation criteria. This can be performed by iteratively applying the clustering algorithm, where in each iteration, the number of clusters increases by one. For each iteration (i.e., for each number of clusters), a function that includes the compactness and separation criteria is evaluated. When the iteration stops, the optimal number of clusters corresponds to the minimum value of the above-mentioned function.
6. Data Structures Used in Blockchain Anomaly Detection
6.1. Tabular-Based Data Structures
6.2. Sequence-Based Data Structures
6.3. Graph-Based Data Structures
7. Unsupervised Learning-Based Blockchain Anomaly Detection
7.1. Category 1: Solitary Implementation of Unsupervised Learning
Method | Types of Anomalies | Unsupervised Learning Methods | Evaluation Method |
---|---|---|---|
Kumari and Catherine [134] | Double-spending attack | k-Means | Within cluster distortion |
Norvill et al. [135] | Malicious smart contracts, DAO attack | k-Medoids | Frequency distribution score |
Huang et al. [133] | Malicious node behavior | Behavior Pattern Clustering (custom modification of k-Means) | Precision |
Kinkeldey et al. [124] | Malicious address behavior | k-Means | Cluster visualization with the BitConduite interface |
Khenfouci et al. [125] | Fraud detection | k-Means | Precision, silhouette score, accuracy, F1-score |
Zambre and Shah [138] | All in vain theft, stone man loss, mass bitcoin thefts, malicious user identification | k-Means | Within cluster standard deviation |
Epishkina et al. [132] | Malicious behavior patterns | Agglomerative hierarchical clustering | Ratio statistical distance |
Mirsky et al. [106] | Intrusion-based adversarial attacks in IoT environment | Extended Markov model | Probability scores, false positive rates |
Deepa and Akila [128] | Advanced attacks centered on the heresies of safety strategies, DDoS attacks | k-Means | % detection accuracy |
Swaroopa and Sharma [145] | Double-spending attack | Spectral clustering | Several spectral properties |
Shi et al. [152] | Malicious network activities | k-Means++ | Fowlkes–Mallows Index [135] |
Zheng et al. [144] | Malicious Bitcoin transactions | Louvain algorithm | Louvain runtime efficiency |
Monamo et al. [127] | Fraud detection | Trimmed k-Means | Within cluster sum of squares |
Shayegan et al. [160] | Theft attacks (stone mass loss, Stefan Thomas loss, all in vain theft, mass MyBitcoin theft, Linode Hacks, Bitfloor theft, and Cdecker theft) | Trimmed k-Means | Cluster dispersion rate |
Biryukov and Tikhomirov [146] | Information leaking in transaction messages by adversarial nodes | k-Means | Rand score |
Chaudhari et al. [143] | Malicious addresses | k-Means | F-measure, precision |
Method | Network Type | Data Source | Data Structure | Programming Framework |
---|---|---|---|---|
Kumari and Catherine [134] | Private | Artificially generated | Transaction sequences | Python |
Norvill et al. [135] | Public (Ethereum) | etherscan.io | Smart contract codes as sequences of opcodes | Not reported |
Huang et al. [133] | Private (stock trading dataset) | Real blockchain application data on stock trading | Sequences of transaction data | Not reported |
Kinkeldey et al. [124] | Public (Bitcoin) | Bitcoin core client | Tabular | Python, JavaScript/D3 |
Khenfouci et al. [125] | Private | UCI repository | Tabular | Go language, Go-LibP2P, Ubuntu System |
Zambre and Shah [138] | Public (Bitcoin) | Publicly available data | Graph-based | Not reported |
Epishkina et al. [132] | Public (Bitcoin) | Bitcoin Core client | Sequences of transaction data | Not reported |
Mirsky et al. [106] | Private (IoT environment) | Specially designed IoT database | Tabular | C++ |
Deepa and Akila [128] | Private | Transaction data (private blockchain network) | Time sequences of transaction data | Python on Anaconda Framework |
Swaroopa and Sharma [145] | Private | Custom data | Graph-based | Python |
Shi et al. [152] | Private | Custom data | Binary protocol messages | Python |
Zheng et al. [144] | Public (Bitcoin) | Bitcoin historical transactions | Graph-based | Python |
Monamo et al. [127] | Public (Bitcoin) | University of Illinois | Tabular | R programming language |
Shayegan et al. [160] | Public (Bitcoin) | ELTE Bitcoin Project | Tabular | Matlab |
Biryukov and Tikhomirov [146] | Public (Bitcoin) | Bitcoin Testnet | List Structure | Python–Scikit Learn |
Chaudhari et al. [143] | Public (Bitcoin) | Bitcoin Core client | Graph-based | Python–Scikit Learn |
7.2. Category 2: Combining Unsupervised Learning Algorithms
7.2.1. Cascade Combination Type
Method | Combination Type | Types of Anomalies | Unsupervised Learning Methods | Evaluation Method |
---|---|---|---|---|
Pham and Lee [156] | Parallel | Anomalous behavior as a proxy for suspicious users and transactions | One-class SVM, Mahalanobis distance, k-Means | Dual evaluation (custom metric) |
Pham and Lee [157] | Cascade | Fraud detection | One-class SVM, local outlier factor, k-Means | Dual evaluation (custom metric) |
Sayadi et al. [105] | Cascade | DDoS attack, double-spending attack, 51% vulnerability, selfish mining attack | One-class SVM, k-Means | Silhouette score |
Saravanan et al. [170] | Parallel | Hacked transactions, fraudulent activities, money laundering | Isolated forest, k-Means, autoencoder, clustering based local outlier factor | Accuracy, precision, recall, F1-score |
Sun et al. [171] | Cascade | Malicious user accounts | t-SNE algorithm, Birch algorithm | Customized methodology |
Zhang et al. [172] | Parallel | Abnormal transactions | k-Means, generative adversarial network | Precision, recall, F1-measure |
Kampers et al. [162] | Cascade | Cryptocurrency market manipulation | KDE-Track algorithm, isolated forest | Domain expert reviews, F1-score |
Hirshman et al. [165] | Cascade | Money laundering Mixing Services | k-Means, Role eXtraction (RolX) algorithm | Factorization error |
Turner et al. [139] | Cascade | Ransomware attacks | Deepwalk, PCA, k-Means | Cosine similarity measure of risk |
Shah et al. [167] | Cascade | Outlier pattern detection (wallet authority detection) | Explainable k-Means, Variational autoencoder, Self-organizing maps | True positive rate, Cluster distortion measure |
Agarwal et al. [173] | Parallel | Phishing, gambling, Ponzi scheme | k-Means, HDBSCAN, spectral clustering, agglomerative clustering, one-class SVM | Silhouette score |
Method | Network Type | Data Source | Data Representation | Programming Framework |
---|---|---|---|---|
Pham and Lee [156] | Public (Bitcoin) | University of Illinois Urbana | Graph-based | Python, NetworkX library |
Pham and Lee [157] | Public (Bitcoin) | Stanford Network Analysis Project | Graph-based | Python, NetworkX library |
Sayadi et al. [105] | Public (Bitcoin) | Bitcoin blockchain using Blockchain.info API | Tabular | Python on Spyder/Anaconda, Orange3 API |
Saravanan et al. [170] | Public (Bitcoin) | IEEE Data Port, Kaggle | Tabular | Not reported |
Sun et al. [171] | Public (Ethereum) | Etherscan blockchain explorer APIs | Eigenvector-based | Not reported |
Zhang et al. [172] | Public (Bitcoin) | Reid and Harrigan [77] | Graph-based | Python–Tensorflow |
Kampers et al. [162] | Public | Amazon Web Services cloud | Tree-based | Python |
Hirshman et al. [165] | Public (Bitcoin) | Bitcoin transaction network dataset | Graph-based | Not reported |
Turner et al. [139] | Public (Bitcoin) | Walletexplorer API | Graph-based | Python |
Shah et al. [167] | Public (Bitcoin) | Bitcoin full historical data | Graph-based | Python, Apache Spark |
Agarwal et al. [173] | Public (Ethereum) | Etherscan blockchain explorer APIs | Tabular | Python |
7.2.2. Parallel Combination Type
7.3. Category 3: Combining Unsupervised and Supervised Learning Algorithms
7.3.1. Combination Type 1
7.3.2. Combination Type 2
Method | Combination Type | Types of Anomalies | Unsupervised Learning Methods | Evaluation Method |
---|---|---|---|---|
Sachan et al. [29] | Type 2 | Domain names crypto jacking detection | k-Means | Silhouette score |
Agarwal et al. [175] | Type 1 | Phishing, spamming, scams, and Ponzi schemes | K-means, DBSCAN, HDBSCAN, and one-class SVM | Silhouette score |
Baek et al. [176] | Type 1 | Malicious wallets | Expectation maximization, k-Means | Precision, recall, F-measure |
Bartoletti et al. [179] | Type 1 | Ponzi schemes | Multi-input heuristics | Precision, F-measure |
Boughaci et al. [183] | Type 1 | Malicious transactions | k-Means | Precision, recall |
Rabieinejad et al. [184] | Type 1 | Malicious activities/cyber kill chain | GAN | Trx index |
Podgorelec et al. [130] | Type 1 | Malicious transactions | Isolated forest | Ranks for time frames of feature extraction process |
Lorenz et al. [185] | Type 2 | Money laundering | Local outlier factor, isolation forest, one-class support vector machine | F1-score |
Sachan et al. [190] | Type 2 | Domain Names crypto jacking detection | k-Means | Silhouette score |
Agarwal et al. [191] | Type 2 | Malicious detection through adversarial activities | k-Means, GANs | Precision, recall, F1-score |
Agarwal et al. [192] | Type 2 | Malicious detection through adversarial activities | k-Means, GANs | Precision, recall, F1-score |
Method | Network Type | Data Source | Data Representation | Programming Framework |
---|---|---|---|---|
Sachan et al. [29] | Public permissionless | Cisco Umbrella top 1 million Dataset, Indian Government URLs | Graph-based browser metadata | Python, NumPy |
Agarwal et al. [175] | Public (Ethereum) | Ethereum transaction data (79 million accounts and Cryptoscam.db dataset) | Graph-based | Python |
Baek et al. [176] | Public (Ethereum) | Binance and Ethereum wallets from etherscan.io | Tree-based | Python API |
Bartoletti et al. [179] | Public (Bitcoin) | Reddit, bitcointalk.org | Graph-Based | Weka software |
Boughaci et al. [183] | Public (Bitcoin) | Elliptic dataset (Kaggle) | Graph-based | Java (Netbeans environment) |
Rabieinejad et al. [184] | Public (Ethereum) | Ethereum transaction data | Tabular | Python |
Podgorelec et al. [130] | Public (Ethereum) | Etherscan.io | Time Series | Python, Scikit-learn |
Lorenz et al. [185] | Public (Bitcoin) | Eliptic dataset | Graph-based | Python, Scikit-learn |
Sachan et al. [190] | Public-permissionless | Cisco Umbrella top 1 million Dataset, Indian Government URLs | Graph-based browser metadata | Python, NumPy |
Agarwal et al. [191] | Public (Ethereum) | Ethereum.org | Tabular | Python, Keras, NumPy |
Agarwal et al. [192] | Public (Ethereum) | Ethereum.org | Tabular | Python, Keras, NumPy |
8. Challenges and Future Directions
8.1. Scalability and Complexity
8.2. Generative AI and Adversarial Attacks in Blockchain Anomaly Detection
8.2.1. Potential Approaches Related to GenAI
8.2.2. Potential Approaches Related to Adversarial Attacks
8.3. Distributed Ledger under the Framework of AI
8.4. On the Effect of the Blockchain Continuous Evolution
8.5. Implications of Zero-Trust and Zero-Knowledge Proof Environments
8.6. Privacy Concerns in Unsupervised Learning for Anomaly Detection
9. Conclusions
Author Contributions
Funding
Acknowledgments
Conflicts of Interest
References
- Saad, M.; Spaulding, J.; Njilla, L.; Kamhoua, C.; Shetty, S.; Nyang, D.-H.; Mohaisen, D. Exploring the attack surface of blockchain: A comprehensive survey. IEEE Commun. Surv. Tutor. 2020, 22, 1977–2008. [Google Scholar] [CrossRef]
- Nakamoto, S. Bitcoin: A Peer-to-Peer Electronic Cash System. Available online: https://bitcoin.org/bitcoin.pdf (accessed on 16 October 2023).
- Xie, M.; Li, H.; Zhao, Y. Blockchain financial investment based on deep learning network algorithm. J. Comput. Appl. Math. 2020, 372, 112723. [Google Scholar] [CrossRef]
- Sarker, S.; Saha, A.K.; Ferdous, M.S. A survey on blockchain and cloud integration. In Proceedings of the 23rd International Conference on Computer and Information Technology (ICCIT), Dhaka, Bangladesh, 19–21 December 2020; pp. 1–7. [Google Scholar]
- Gan, Q.-Q.; You, R.; Lau, K. Trust in a ‘trust-free’ system: Blockchain acceptance in the banking and finance sector. Technol. Forecast. Soc. Chang. 2024, 199, 123050. [Google Scholar] [CrossRef]
- Zheng, Z.; Xie, S.; Dai, H.-N.; Chen, W.; Chen, X.; Weng, J.; Imran, M. An overview on smart contracts: Challenges, advances and platforms. Future Gener. Comput. Syst. 2020, 105, 475–491. [Google Scholar] [CrossRef]
- Kose, J.; Leonid, K.; Fahad, S. Smart contracts and decentralized finance. Annu. Rev. Financ. Econ. 2023, 15, 523–542. [Google Scholar]
- Dong, C.; Huang, Q.; Fang, D. Channel selection and pricing strategy with supply chain finance and blockchain. Int. J. Prod. Econ. 2023, 265, 109006. [Google Scholar] [CrossRef]
- Boakye, E.A.; Zhao, H.; Kwame Ahia, B.N. Emerging research on blockchain technology in finance; conveyed evidence of bibliometric-based evaluations. J. High Technol. Manag. Res. 2022, 33, 100437. [Google Scholar] [CrossRef]
- Wang, T.; Wu, Q.; Chen, J.; Chen, F.; Xie, D.; Shen, H. Health data security sharing method based on hybrid blockchain. Future Gener. Comput. Syst. 2024, 153, 251–261. [Google Scholar] [CrossRef]
- Xiang, X.; Zhao, X. Blockchain-assisted searchable attribute-based encryption for e-health systems. J. Syst. Archit. 2022, 124, 102417. [Google Scholar] [CrossRef]
- Uppal, S.; Kansekar, B.; Mini, S.; Tosh, D. HealthDote: A blockchain-based model for continuous health monitoring using interplanetary file system. Healthc. Anal. 2023, 3, 100175. [Google Scholar] [CrossRef]
- Tian, J.; Tian, J.-F.; Du, R.-Z. MSLShard: An efficient sharding-based trust management framework for blockchain-empowered IoT access control. J. Parallel Distrib. Comput. 2024, 185, 104795. [Google Scholar] [CrossRef]
- Dhar, D.; Khare, A.; Dwivedi, A.D.; Singh, R. Securing IoT devices: A novel approach using blockchain and quantum cryptography. Internet Things 2024, 25, 101019. [Google Scholar] [CrossRef]
- Hameed, K.; Barika, M.; Garg, S.; Amin, M.B.; Kang, B. A taxonomy study on securing blockchain-based industrial applications: An overview, application perspectives, requirements, attacks, countermeasures, and open issues. J. Ind. Inf. Integr. 2022, 26, 100312. [Google Scholar] [CrossRef]
- Tseng, F.-M.; Liang, C.-W.; Nguyen, N.-B. Blockchain technology adoption and business performance in large enterprises: A comparison of the United States and China. Technol. Soc. 2023, 73, 102230. [Google Scholar] [CrossRef]
- Zhu, X.; Liu, Y.; Cao, Y.; Jiao, Z. Demand response scheduling based on blockchain considering the priority of high load energy enterprises. Energy Rep. 2023, 9, 992–1000. [Google Scholar] [CrossRef]
- Zhen, P.; Jiang, Z.; Wu, J.-J.; Zheng, Z. Blockchain-based decentralized application: A survey. IEEE Open J. Comput. Soc. 2024, 4, 121–133. [Google Scholar] [CrossRef]
- Banoth, R.; Dave, M.B. A survey on decentralized application based on blockchain platform. In Proceedings of the International Conference on Sustainable Computing and Data Communication Systems (ICSCDS), Erode, India, 7–9 April 2022; pp. 1171–1174. [Google Scholar]
- Tang, H.; Jiao, Y.; Huang, B.; Lin, C.; Goyal, S.; Wang, B. Learning to classify blockchain peers according to their behavior sequences. IEEE Access 2018, 6, 71208–71215. [Google Scholar] [CrossRef]
- Buterin, V. On Public and Private Blockchains. Available online: https://blog.ethereum.org/2015/08/07/on-public-and-private-blockchains (accessed on 10 December 2023).
- Xu, M.; Guo, Y.; Liu, C.; Hu, Q.; Yu, D.; Xiong, Z.; Niyato, D.; Cheng, X. Exploring blockchain technology through a modular lens: A survey. arXiv 2023, arXiv:2304.08283v1. [Google Scholar] [CrossRef]
- Oumaima, F.; Karim, Z.; Abdellatif, E.G.; Mohammed, B. A survey on blockchain and artificial intelligence technologies for enhancing security and privacy in smart environments. IEEE Access 2022, 10, 93168–93186. [Google Scholar]
- Frankenfield, J. What Are Consensus Mechanisms in Blockchain and Cryptocurrency? Available online: https://www.investopedia.com/terms/c/consensus-mechanism-cryptocurrency.asp (accessed on 15 December 2023).
- Li, J.; Gu, C.; Wei, F.; Chen, X. A survey on blockchain anomaly detection using data mining techniques. In Proceedings of the 1st International Conference on Blockchain and Trustworthy Systems (BlockSys 2019), Guangzhou, China, 7–8 December 2019; pp. 491–504. [Google Scholar]
- Ul Hassan, M.; Rehmani, M.H.; Chen, J. Anomaly detection in blockchain networks: A comprehensive survey. IEEE Commun. Surv. Tutor. 2023, 25, 289–318. [Google Scholar] [CrossRef]
- Hisham, S.; Makhtar, M.; Aziz, A.A. Combining Multiple Classifiers using Ensemble Method for Anomaly Detection in Blockchain Networks: A Comprehensive Review. Int. J. Adv. Comput. Sci. Appl. 2022, 13, 404–422. [Google Scholar] [CrossRef]
- Kamisalic, A.; Kramberger, R.; Fister, I.J. Synergy of blockchain technology and data mining techniques for anomaly detection. Appl. Sci. 2021, 11, 7987. [Google Scholar] [CrossRef]
- Sachan, R.K.; Agarwal, R.; Shukla, S.K. Identifying malicious accounts in blockchains using domain names and associated temporal properties. arXiv 2021, arXiv:2106.13420v1. [Google Scholar] [CrossRef]
- Abu Musa, T.A.; Bouras, A. Anomaly detection: A survey. Lect. Notes Netw. Syst. 2022, 217, 391–401. [Google Scholar]
- Chandola, V.; Banerjee, A.; Kumar, V. Anomaly detection: A survey. ACM Comput. Surv. 2009, 41, 15. [Google Scholar] [CrossRef]
- Pourhabibi, T.; Ong, K.-L.; Kam, B.H.; Boo, Y.L. Fraud detection: A systematic literature review of graph-based anomaly detection approaches. Decis. Support Syst. 2020, 133, 113303. [Google Scholar] [CrossRef]
- Morishima, S. Scalable anomaly detection method for blockchain transactions using GPU. In Proceedings of the 20th International Conference on Parallel and Distributed Computing, Applications and Technologies (PDCAT), Gold Coast, QLD, Australia, 5–7 December 2019; pp. 163–168. [Google Scholar]
- Martin, K.; Rahouti, M.; Ayyash, M.; Alsmadi, I. Anomaly detection in blockchain using network representation and machine learning. Secur. Priv. 2022, 5, e192. [Google Scholar] [CrossRef]
- Signorini, M.; Pontecorvi, M.; Kanoun, W.; Di Pietro, R. BAD: A blockchain anomaly detection solution. IEEE Access 2020, 8, 173481–173490. [Google Scholar] [CrossRef]
- De Haro-Olmo, F.J.; Varela-Vaca, A.J.; Alvarez-Bermejo, J.A. Blockchain from the perspective of privacy and anonymization: A systematic literature review. Sensors 2020, 20, 7171. [Google Scholar] [CrossRef]
- Jain, A.K.; Dubes, R.C. Algorithms for Clustering Data; Prentice-Hall Inc.: Upper Saddle River, NJ, USA, 1988. [Google Scholar]
- Zhang, T.; Ramakrishnan, R.; Livny, M. BIRCH: A new data clustering algorithm and its applications. Data Min. Knowl. Discov. 1997, 1, 141–182. [Google Scholar] [CrossRef]
- Qi, J.; Guo, Z.; Lu, Y.; Gao, J.; Guo, Y.; Fanyao, M. Security evaluation model of blockchain system based on combination weighting and grey clustering. In Proceedings of the 7th IEEE International Conference on Data Science in Cyberspace (DSC, 2022), Guilin, China, 11–13 July 2022; pp. 440–447. [Google Scholar]
- Karypis, G.; Han, E.H.; Kumar, V. Chameleon: A hierarchical clustering algorithm using dynamic modeling. IEEE Comput. Mag. 1999, 32, 68–75. [Google Scholar] [CrossRef]
- Scholkopf, B.; Williamson, R.; Smola, A.; Shawe-Taylor, J.; Platt, J. Support vector method for novelty detection. In Proceedings of the 12th International Conference on Neural Information Processing Systems, Denver, CO, USA, 29 November–4 December 1999; pp. 582–588. [Google Scholar]
- Tax, D.M.J.; Duin, R.P.W. Support vector data description. Mach. Learn. 2004, 54, 45–66. [Google Scholar] [CrossRef]
- Liu, F.T.; Ting, K.M.; Zhou, Z.H. Isolation-based anomaly detection. ACM Trans. Knowl. Discov. Data 2012, 6, 3. [Google Scholar] [CrossRef]
- Pavithra, S.; Ramya, S.; Prathibha, S. A survey on cloud computing security issues and blockchain. In Proceedings of the 3rd International Conference on Computing and Communications Technologies (ICCCT), Chennai, India, 21–22 February 2019; pp. 136–140. [Google Scholar]
- Hong, A.; Sun, C.; Chen, M. A survey of distributed database systems based on blockchain. In Proceedings of the 3rd International Conference on Smart BlockChain (SmartBlock), Zhengzhou, China, 23–25 October 2020; pp. 191–196. [Google Scholar]
- Sadad, A.; Khan, M.A.; Ghaleb, B.; Khan, F.A.; Driss, M.; Boulila, W.; Ahmad, J. Distributed twins in edge computing: Blockchain and IOTA. arXiv 2023, arXiv:2305.07453v1. [Google Scholar]
- Sadri, H.; Yitmen, I.; Tagliabue, L.C.; Westphal, F.; Tezel, A.; Taheri, A.; Sibenik, G. Integration of blockchain and digital twins in the smart built environment adopting disruptive technologies—A systematic review. Sustainability 2023, 15, 3713. [Google Scholar] [CrossRef]
- Malibari, N.A. A survey on blockchain-based applications in education. In Proceedings of the 7th International Conference on Computing for Sustainable Global Development (INDIACom), New Delhi, India, 12–14 March 2020; pp. 266–270. [Google Scholar]
- Al-Maaitah, S.; Qatawneh, M.; Quzmar, A. E-voting system based on blockchain technology: A survey. In Proceedings of the International Conference on Information Technology (ICIT), Amman, Jordan, 14–15 July 2021; pp. 200–205. [Google Scholar]
- Ren, K.; Ho, N.-M.; Loghin, D.; Nguyen, T.-T.; Ooi, B.C.; Ta, Q.T.; Zhu, F. Interoperability in blockchain: A survey. IEEE Trans. Knowl. Data Eng. 2023, 35, 12750–12769. [Google Scholar] [CrossRef]
- Qian, P.; Liu, Z.; He, Q.; Huang, B.; Tian, D.; Wang, X. Smart contract vulnerability detection technique: A survey. arXiv 2022, arXiv:2209.05872v1. [Google Scholar]
- Ivanov, N.; Li, C.; Yan, Q.; Sun, Z.; Cao, Z.; Luo, X. Security defense for smart contracts: A comprehensive survey. arXiv 2023, arXiv:2302.07347v3. [Google Scholar]
- Meisami, S.; Bodell III, W.E. A comprehensive survey of upgradeable smart contract patterns. arXiv 2023, arXiv:2304.03405. [Google Scholar]
- Cho, S.; Lee, S. Survey on the application of blockchain to IoT: Research trend for applying blockchain to IoT. In Proceedings of the International Conference on Electronics, Information, and Communication (ICEIC), Auckland, New Zealand, 22–25 January 2019; pp. 1–2. [Google Scholar]
- Shammar, E.A.; Zahary, A.T.; Al-Shargabi, A.A. A Survey of IoT and blockchain integration: Security perspective. IEEE Access 2021, 9, 156114–156150. [Google Scholar] [CrossRef]
- Qatawneh, M. Use of blockchain in the Internet of Things: A survey. arXiv 2023, arXiv:2303.06035. [Google Scholar]
- Xue, H.; Chen, D.; Zhang, N.; Dai, H.-N.; Yu, K. Integration of blockchain and edge computing in Internet of Things: A survey. arXiv 2022, arXiv:2205.13160v1. [Google Scholar] [CrossRef]
- Dai, H.-N.; Zheng, Z.; Zhang, Y. Blockchain for internet of Things: A survey. arXiv 2020, arXiv:1906.00245v5. [Google Scholar] [CrossRef]
- Khan, Z.A.; Namin, A.S. A survey on the applications of blockchains in security of IoT systems. arXiv 2021, arXiv:2112.09296v1. [Google Scholar]
- Jiang, Y.; Ma, B.; Wang, X.; Yu, P.; Yu, G.; Wang, Z.; Ni, W.; Liu, R.P. Blockchained federated learning for Internet of Things: A comprehensive survey. arXiv 2023, arXiv:2305.04513v1. [Google Scholar] [CrossRef]
- Conti, M.; Kumar, E.S.; Lal, C.; Ruj, S. A survey on security and privacy issues of Bitcoin. IEEE Commun. Surv. Tutor. 2018, 20, 3416–3452. [Google Scholar] [CrossRef]
- Zhang, R.; Xue, R.; Liu, L. Security and privacy on blockchain. arXiv 2019, arXiv:1903.07602v2. [Google Scholar] [CrossRef]
- Zhang, R.; Xue, R.; Liu, L. Security and privacy for healthcare blockchains. arXiv 2021, arXiv:2106.06136v1. [Google Scholar] [CrossRef]
- Manimurgan, S.; Anitha, T.; Divya, G.; Charlyn Pushpa Latha, G.; Mathupriya, S. A survey on blockchain technology for network security applications. In Proceedings of the 2nd International Conference on Computing and Information Technology (ICCIT), Tabuk, Saudi Arabia, 25–27 January 2022; pp. 440–445. [Google Scholar]
- Kumar, A.; Sharma, I. Enhancing cybersecurity policies with blockchain technology: A survey. In Proceedings of the 5th International Conference on Contemporary Computing and Informatics (IC3I), Uttar Pradesh, India, 14–16 December 2022; pp. 1050–1054. [Google Scholar]
- Salman, T.; Zolanvari, M.; Erbad, A.; Jain, R.; Samaka, M. Security services using blockchains: A state of the art survey. IEEE Commun. Surv. Tutor. 2019, 21, 858–880. [Google Scholar] [CrossRef]
- Yuan, G.; Feng, L.; Ning, J.; Yang, X. Survey on the application of blockchain in digital rights protection. In Proceedings of the International Conference on Intelligent Computing and Human-Computer Interaction (ICHCI), Sanya, China, 4–6 December 2020; pp. 183–187. [Google Scholar]
- Zhu, L.; Zheng, B.; Shen, M.; Gao, F.; Li, H.; Shi, K. Research on the security of blockchain data: A survey. arXiv 2018, arXiv:1812.02009v2. [Google Scholar]
- Li, X.; Jiang, P.; Chen, T.; Luo, X.; Wen, Q. A survey on the security of blockchain systems. arXiv 2020, arXiv:1802.06993v3. [Google Scholar] [CrossRef]
- Rai, G.S.; Goyal, S.B.; Chatterjee, P. Anomaly detection in blockchain using machine learning. Lect. Notes Electr. Eng. 2023, 984, 487–499. [Google Scholar]
- Lashkari, B.; Musilek, P. A comprehensive review of blockchain consensus mechanisms. IEEE Access 2021, 9, 43620–43652. [Google Scholar] [CrossRef]
- Sultan, K.; Ruhi, U.; Lakhani, R. Conceptualizing blockchains: Characteristics and applications. In Proceedings of the 11th IADIS International Conference on Information Systems, Lisbon, Portugal, 14–16 April 2018; pp. 49–57. [Google Scholar]
- Parizi, R.M.; Dehghantanha, A.; Raymond Choo, K.-K.; Singh, A. Empirical vulnerability analysis of automated smart contracts security testing on blockchains. In Proceedings of the 28th Annual International Conference on Computer Science and Software Engineering (CASCON ‘18), Markham, ON, Canada, 29–31 October 2018; pp. 103–113. [Google Scholar]
- Kosba, A.; Miller, A.; Shi, E.; Wen, Z.; Papamanthou, C. Hawk: The blockchain model of cryptography and privacy-preserving smart contracts. In Proceedings of the 2016 IEEE Symposium on Security and Privacy (SP), San Jose, CA, USA, 22–26 May 2016; pp. 839–858. [Google Scholar]
- Panigrahi, A.; Nayak, A.K.; Paul, R. Impact of clustering technique in enhancing the blockchain network performance. In Proceedings of the 2022 International Conference on Machine Learning, Computer Systems and Security (MLCSS), Bhubaneswar, India, 5–6 August 2022; pp. 363–367. [Google Scholar]
- Joshi, P.; Kumar, S.; Kumar, D.; Singh, A.K. A blockchain based framework for fraud detection. In Proceedings of the 2019 Conference on Next Generation Computing Applications (NextComp), Balaclava, Mauritius, 19–21 September 2019. [Google Scholar]
- Ma, J.; Lin, S.Y.; Chen, X.; Sun, H.-M.; Chen, Y.-C.; Wang, H. A blockchain-based application system for product anti-counterfeiting. IEEE Access 2020, 8, 77642–77652. [Google Scholar] [CrossRef]
- Reid, F.; Harrigan, M. An analysis of anonymity in the bitcoin system. In Security and Privacy in Social Networks; Altshuler, Y., Elovici, Y., Cremers, A.B., Aharony, N., Pentland, A., Eds.; Springer: New York, NY, USA, 2013; pp. 197–222. [Google Scholar]
- Zhang, Y.; Wang, J.; Luo, J. Heuristic-based address clustering in bitcoin. IEEE Access 2020, 8, 210582–210591. [Google Scholar] [CrossRef]
- Ferrag, M.A.; Derdour, M.; Mukherjee, M.; Derhab, A.; Maglaras, L.; Janicke, H. Blockchain technologies for the Internet of Things: Research issues and challenges. IEEE Internet Things J. 2018, 6, 2188–2204. [Google Scholar] [CrossRef]
- Crosby, M.; Nachiappan Pattanayak, P.; Verma, S.; Kalyanaraman, V. Blockchain technology: Beyond Bitcoin. Appl. Innov. 2016, 2, 6–10. [Google Scholar]
- Zapotochnyi, A. What Are Smart Contracts? Available online: https://blockgeeks.com/guides/smart-contracts (accessed on 5 March 2024).
- Chen, W.; Zheng, Z.; Ngai, E.C.H.; Zheng, P.; Zhou, Y. Exploiting blockchain data to detect smart Ponzi schemes on Ethereum. IEEE Access 2019, 7, 37575–37586. [Google Scholar] [CrossRef]
- Manolache, M.A.; Manolache, S.; Tapus, N. Decision making using the blockchain proof of authority consensus. Procedia Comput. Sci. 2022, 199, 580–588. [Google Scholar] [CrossRef]
- Alrubei, S.; Ball, E.; Rigelsford, J. HDPoA: Honesty-based distributed proof of authority via scalable work consensus protocol for IoT-blockchain applications. Comput. Netw. 2022, 217, 109337. [Google Scholar] [CrossRef]
- Dash, B. Zero-trust architecture (ZTA): Designing an AI-powered cloud security framework for LLMs’ black box problems. Curr. Trends Eng. Sci. (CTES) 2024, 4, 1058. [Google Scholar] [CrossRef]
- Wu, W.; Liu, E.; Gong, X.; Wang, R. Blockchain based zero-knowledge proof of location in IoT. In Proceedings of the International IEEE Conference on Communications (ICC’ 20), Dublin, Ireland, 7–11 June 2020; pp. 1–7. [Google Scholar]
- Xu, G.; Liu, Y.; Khan, P.W. Improvement of the dpos consensus mechanism in blockchain based on vague sets. IEEE Trans. Ind. Inform. 2020, 16, 4252–4259. [Google Scholar] [CrossRef]
- Ul Hassan, M.U.; Rehmani, M.H.; Chen, J. Deal: Differentially private auction for blockchain-based microgrids energy trading. IEEE Trans. Serv. Comput. 2020, 13, 263–275. [Google Scholar] [CrossRef]
- Heilman, E.; Kendler, A.; Zohar, A.; Goldberg, S. Eclipse attacks on Bitcoin’s peer-to-peer network. In Proceedings of the 24th USENIX Security Symposium, Washington, DC, USA, 12–14 August 2015; pp. 129–144. [Google Scholar]
- Alangot, B.; Reijsbergen, D.; Venugopalan, S.; Szalachowski, P.; Yeo, K.S. Decentralized and lightweight approach to detect Eclipse attacks on Proof of Work blockchains. IEEE Trans. Netw. Serv. Manag. 2021, 18, 1659–1672. [Google Scholar] [CrossRef]
- Rahouti, M.; Xiong, K.; Ghani, N. Bitcoin concepts, threats, and machine-learning security solutions. IEEE Access 2018, 6, 67189–67205. [Google Scholar] [CrossRef]
- Saad, M.; Thai, M.T.; Mohaisen, A. POSTER: Deterring DDoS attacks on blockchain-based cryptocurrencies through Mempool optimization. In Proceedings of the Asia Conference on Computer and Communications Security (ASIACCS ‘18), Incheon, Republic of Korea, 4 June 2018; pp. 809–811. [Google Scholar]
- Bano, S.; Sonnino, A.; Al-Bassam, M.; Azouvi, S.; McCorry, P.; Meiklejohn, S.; Danezis, G. SoK: Consensus in the age of blockchains. In Proceedings of the 1st ACM Conference on Advances in Financial Technologies, Zurich, Switzerland, 21–23 October 2019; pp. 183–198. [Google Scholar]
- CipherTrace. Available online: https://ciphertrace.com/ (accessed on 10 April 2024).
- Cybersecurity Ventures. Ransomware Damage Costs Predicted to Reach $265 Billion by 2031. Available online: https://cybersecurityventures.com/global-ransomware-damage-costs-predicted-to-reach-250-billion-usd-by-2031/ (accessed on 15 April 2024).
- Zohar, A. Bitcoin: Under the hood. Commun. ACM 2015, 58, 104–113. [Google Scholar] [CrossRef]
- Eyal, I.; Sirer, E.G. Majority is not enough: Bitcoin mining is vulnerable. arXiv 2013, arXiv:1311.0243v5. [Google Scholar] [CrossRef]
- Gomez, W. What Is a Finney Hack or Finney Attack? Available online: https://academy.bit2me.com/en/which-is-a-hack-finney-attack-finney/ (accessed on 18 April 2024).
- Meiklejohn, S.; Pomarole, M.; Jordan, G.; Levchenko, K.; McCoy, D.; Voelker, G.M.; Savage, S. A fistful of bitcoins: Characterizing payments among men with no names. Commun. ACM 2016, 59, 86–93. [Google Scholar] [CrossRef]
- Memoria, F. 700 Million Stuck in 115,000 Unconfirmed Bitcoin Transactions. Available online: https://www.ccn.com/700-million-stuck-115000-unconfirmed-bitcoin-transactions (accessed on 4 February 2024).
- Ekparinya, P.; Gramoli, V.; Jourjon, G. Impact of Man-in-the-Middle Attacks on Ethereum. In Proceedings of the 37th IEEE Symposium on Reliable Distributed Systems (SRDS), Salvador, Brazil, 2–5 October 2018; pp. 11–20. [Google Scholar]
- Kang, C.; Lee, C.; Ko, K.; Woo, J.; Hong, J.W.-K. De-anonymization of the Bitcoin network using address clustering. Commun. Comput. Inf. Sci. 2020, 1267, 489–501. [Google Scholar]
- Goldstein, M.; Uchida, S. A comparative evaluation of unsupervised anomaly detection algorithms for multivariate data. PLoS ONE 2016, 11, e0152173. [Google Scholar] [CrossRef]
- Sayadi, S.; Rejeb, B.; Choukair, Z. Anomaly detection model over blockchain electronic transactions. In Proceedings of the 15th International Wireless Communications & Mobile Computing Conference (IWCMC), Tangier, Morocco, 24–28 June 2019; pp. 895–900. [Google Scholar]
- Mirsky, Y.; Golomb, T.; Elovici, Y. Lightweight collaborative anomaly detection for the IoT using blockchain. J. Parallel Distrib. Comput. 2020, 145, 75–97. [Google Scholar] [CrossRef]
- Kim, J.; Nakashima, M.; Fan, W.; Wuthier, S.; Zhou, X.; Kim, I.; Chang, S.-Y. A machine learning approach to anomaly detection based on traffic monitoring for secure blockchain networking. IEEE Trans. Netw. Serv. Manag. 2022, 19, 3619–3632. [Google Scholar] [CrossRef]
- Patel, V.; Pan, L.; Rajasegarar, S. Graph deep learning based anomaly detection in Ethereum blockchain network. Lect. Notes Comput. Sci. 2020, 12570, 132–148. [Google Scholar]
- Demertzis, K.; Iliadis, L.; Tziritas, N.; Kikiras, P. Anomaly detection via blockchained deep learning smart contracts in industry 4.0. Neural Comput. Appl. 2020, 32, 17361–17378. [Google Scholar] [CrossRef]
- Guo, C.; Zhang, S.; Zhang, P.; Alkubati, M.; Song, J. LB-GLAT: Long-term bi-graph layer attention convolutional network for anti-money laundering in transactional blockchain. Mathematics 2023, 11, 3927. [Google Scholar] [CrossRef]
- Frey, B.J.; Dueck, D. Clustering by passing messages between data points. Science 2007, 315, 972–976. [Google Scholar] [CrossRef] [PubMed]
- Perozzi, B.; Al-Rfou, R.; Skiena, S. Deepwalk: Online learning of social representations. In Proceedings of the 20th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, New York, NY, USA, 24–27 August 2014; pp. 701–710. [Google Scholar]
- Ng, A.Y.; Jordan, M.I.; Weiss, Y. On spectral clustering: Analysis and an algorithm. In Proceedings of the 14th International Conference on Neural Information Processing Systems: Natural and Synthetic (NIPS’01), Vancouver, BC, Canada, 3–8 December 2001; pp. 849–856. [Google Scholar]
- Blondel, V.D.; Guillaume, J.L.; Lambiotte, R.; Lefebvre, E. Fast unfolding of communities in large networks. J. Stat. Mech. Theory Exp. 2008, 10, P10008. [Google Scholar] [CrossRef]
- Breunig, M.M.; Kriegel, H.-P.; Ng, R.T.; Sander, J. LOF: Identifying density-based local outliers. ACM SIGMOD Rec. 2000, 29, 93–104. [Google Scholar] [CrossRef]
- Ester, M.; Kriegel, H.-P.; Sander, J.; Xu, X. A density-based algorithm for discovering clusters in large spatial databases with noise. In Proceedings of the Second International Conference on Knowledge Discovery and Data Mining (KDD’96), Portland, OR, USA, 2–4 August 1996; pp. 226–231. [Google Scholar]
- Campello, R.J.G.B.; Moulavi, D.; Zimek, A.; Sander, J. Hierarchical density estimates for data clustering, visualization, and outlier detection. ACM Trans. Knowl. Discov. Data 2015, 10, 5. [Google Scholar] [CrossRef]
- Kipf, T.N.; Welling, M. Variational graph auto-encoders. arXiv 2016, arXiv:1611.07308v1. [Google Scholar]
- Goodfellow, I.; Pouget-Abadie, J.; Mirza, M.; Xu, B.; Warde-Farley, D.; Ozair, S.; Courville, A.; Bengio, Y. Generative adversarial nets. arXiv 2014, arXiv:1406.2661. [Google Scholar]
- Liu, F.T.; Ting, K.M.; Zhou, Z.-H. Isolation forest. In Proceedings of the 8th IEEE International Conference on Data Mining, Pisa, Italy, 15–19 December 2008; pp. 413–422. [Google Scholar]
- Maaten, L.; Hinton, G. Visualizing data using t-SNE. J. Mach. Learn. Res. 2008, 9, 2579–2605. [Google Scholar]
- Hasan, M.; Rahman, M.S.; Janicke, H.; Sarker, I.H. Detecting anomalies in blockchain transactions using machine learning classifiers and explainability analysis. arXiv 2024, arXiv:2401.03530. [Google Scholar]
- Hojjati, H.; Ho, T.; Armanfard, N. Self-Supervised anomaly detection: A survey and outlook. arXiv 2022, arXiv:2205.05173. [Google Scholar]
- Kinkeldey, C.; Fekete, J.-D.; Isenberg, P. BitConduite: Visualizing and analyzing activity on the Bitcoin network. In Proceedings of the Eurographics Conference on Visualization (EuroVis’ 17), Barcelona, Spain, 12–16 June 2017; pp. 25–27. [Google Scholar]
- Khenfouci, Y.; Challal, Y.; Hamdad, L. ClusterChain: Decentralized and trustworthy clustering over blockchain. In Proceedings of the International Conference on Networking and Advanced Systems (ICNAS), Annaba, Algeria, 27–28 October 2016; pp. 1–6. [Google Scholar]
- Mongo Database. Available online: https://www.mongodb.com/ (accessed on 5 February 2024).
- Monamo, P.; Marivate, V.; Twala, B. Unsupervised learning for robust Bitcoin fraud detection. In Proceedings of the Information Security for South Africa (ISSA) Conference, Johannesburg, South Africa, 17–18 August 2016; pp. 129–134. [Google Scholar]
- Deepa, M.; Akila, D. Cost-effective anomaly detection for blockchain transactions using unsupervised learning. Lect. Notes Netw. Syst. 2021, 248, 445–453. [Google Scholar]
- Li, L.; Noorian, F.; Moss, D.J.; Leong, P.H. Rolling window time series prediction using MapReduce. In Proceedings of the 2014 IEEE 15th International Conference on Information Reuse and Integration (IEEE IRI 2014), Redwood City, CA, USA, 13–15 August 2014; pp. 757–764. [Google Scholar]
- Podgorelec, B.; Turkanovic, M.; Karakatic, S. A machine learning-based method for automated blockchain transaction signing including personalized anomaly detection. Sensors 2020, 20, 147. [Google Scholar] [CrossRef]
- Chang, T.-H.; Svetinovic, D. Improving Bitcoin ownership identification using transaction patterns analysis. IEEE Trans. Syst. Man Cybern. Syst. 2020, 50, 9–20. [Google Scholar] [CrossRef]
- Epishkina, A.; Zapechnikov, S. Discovering and clustering hidden time patterns in blockchain ledger. In Biologically Inspired Cognitive Architectures (BICA) for Young Scientists; Samsonovich, A.V., Klimov, V.V., Eds.; Springer International Publishing: Cham, Switzerland, 2018; pp. 245–250. [Google Scholar]
- Huang, B.; Liu, Z.; Chen, J.; Liu, A.; Liu, Q.; He, Q. Behavior pattern clustering in blockchain networks. Multimed. Tools Appl. 2017, 76, 20099–20110. [Google Scholar] [CrossRef]
- Kumari, R.; Catherine, M. Anomaly detection in blockchain using clustering protocol. Int. J. Pure Appl. Math. 2018, 118, 391–396. [Google Scholar]
- Norvill, R.; State, R.; Awan, I.; Fiz Pontiveros, B.B.; Cullen, A. Automated labeling of unknown contracts in Ethereum. In Proceedings of the 2017 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining, Barcelona, Spain, 31 July–3 August 2017; pp. 1165–1172. [Google Scholar]
- Schubert, E.; Rousseeuw, P.J. Fast and eager k-medoids clustering: O(k) runtime improvement of the PAM, CLARA, and CLARANS algorithms. Inf. Syst. 2021, 101, 101804. [Google Scholar] [CrossRef]
- Tsoulias, K.; Palaiokrassas, G.; Fragkos, G.; Litke, A.; Varvarigou, T.A. A graph model based blockchain implementation for increasing performance and security in decentralized ledger systems. IEEE Access 2020, 8, 130952–130965. [Google Scholar] [CrossRef]
- Zambre, D.; Shah, A. Analysis of Bitcoin Network Dataset for Fraud. Stanford CS 224W Project Final Report 2013. Available online: https://snap.stanford.edu/class/cs224w-2013/projects2013/cs224w-030-final.pdf (accessed on 12 December 2023).
- Turner, A.B.; McCombie, S.; Uhlmann, A.J. Follow the money: Revealing risky nodes in a ransomware-bitcoin network. In Proceedings of the 54th Hawaii International Conference on System Sciences, Maui, HI, USA, 5–8 January 2021; pp. 1560–1572. [Google Scholar]
- Khandelwal, N. How the Graph Is Changing the Way We Access Blockchain Data. Available online: https://medium.com/@navanshkhandelwal14/how-the-graph-is-changing-the-way-we-access-blockchain-data-c197334cd63e (accessed on 29 February 2024).
- Mc Ginn, D.; Birch, D.; Akroyd, D.; Molina-Solana, M.; Guo, Y.; Knottenbelt, W. Visualizing dynamic Bitcoin transaction patterns. Big Data 2016, 4, 109–119. [Google Scholar] [CrossRef] [PubMed]
- Yang, C.; Chin, K.-W.; Wang, J.; Wang, X.; Liu, Y.; Zheng, Z. Scaling blockchains with error correction codes: A survey on coded blockchains. arXiv 2022, arXiv:2208.09255v1. [Google Scholar] [CrossRef]
- Chaudhari, D.; Agarwal, R.; Shukla, S.K. Towards malicious address identification in Bitcoin. In Proceedings of the 2021 IEEE International Conference on Blockchain (Blockchain), Melbourne, VIC, Australia, 6–8 December 2021; pp. 425–432. [Google Scholar]
- Zheng, B.; Zhu, L.; Shen, M.; Du, X.; Yang, J.; Gao, F.; Li, Y.; Zhang, C.; Liu, S.; Yin, S. Malicious Bitcoin transaction tracing using incidence relation clustering. In Proceedings of the International Conference on Mobile Networks and Management (MONAMI), Melbourne, VIC, Australia, 13–15 December 2017; pp. 313–323. [Google Scholar]
- Swaroopa, R.B.; Sharma, G.V. UL-blockDAG: Unsupervised learning based consensus protocol for blockchain. In Proceedings of the 40th International Conference on Distributed Computing Systems (ICDCS’ 20), Singapore, 29 November–1 December 2020; pp. 1243–1248. [Google Scholar]
- Biryukov, A.; Tikhomirov, S. Transaction clustering using network traffic analysis for bitcoin and derived blockchains. In Proceedings of the IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS), Paris, France, 9 April-May 2019; pp. 204–209. [Google Scholar]
- Pustogarov, I. Bitcoin Network Probing Tool. Available online: https://github.com/ivanpustogarov/bcclient (accessed on 15 December 2023).
- Diaz, C.; Seys, S.; Claessens, J.; Preneel, B. Towards measuring anonymity. Lect. Notes Comput. Sci. 2002, 2482, 54–68. [Google Scholar]
- Etherscan. Available online: https://etherscan.io/ (accessed on 3 February 2024).
- Magnusson, M. Discovering hidden time patterns in behavior: T-patterns and their detection. Behav. Res. Methods Instrum. Comput. 2000, 32, 93–110. [Google Scholar] [CrossRef] [PubMed]
- Ward, J.H. Hierarchical grouping to optimize an objective function. J. Am. Stat. Assoc. 1963, 58, 236–244. [Google Scholar] [CrossRef]
- Shi, J.; Ye, L.; Li, Z.; Zhan, D. Unsupervised binary protocol clustering based on maximum sequential patterns. CMES-Comput. Model. Eng. Sci. 2022, 130, 495–510. [Google Scholar] [CrossRef]
- Arthur, D.; Vassilvitskii, S. k-Means++ The Advantages of Careful Seeding. Technical Report. Stanford. 2016. Available online: https://theory.stanford.edu/~sergei/papers/kMeansPP-soda.pdf (accessed on 16 December 2023).
- Wang, J.; Han, J. Bide: Efficient mining of frequent closed sequences. In Proceedings of the 20th International Conference on Data Engineering, Boston, MA, USA, 2 April 2004; pp. 79–90. [Google Scholar]
- Fowlkes, E.B.; Mallows, C.L. A method for comparing two hierarchical clusterings. J. Am. Stat. Assoc. 1983, 78, 553–569. [Google Scholar] [CrossRef]
- Pham, T.; Lee, S. Anomaly detection in Bitcoin network using unsupervised learning methods. arXiv 2017, arXiv:1611.03941v2. [Google Scholar]
- Pham, T.; Lee, S. Anomaly detection in the Bitcoin system—A network perspective. arXiv 2017, arXiv:1611.03942. [Google Scholar]
- Tsolakis, D.; Tsekouras, G.E.; Niros, A.D.; Rigos, A. On the systematic development of fast fuzzy vector quantization for grayscale image compression. Neural Netw. 2012, 36, 83–96. [Google Scholar] [CrossRef] [PubMed]
- Cuesta-Albertos, J.A.; Gordaliza, A.; Matran, C. Trimmed k-means: An attempt to robustify quantizers. Ann. Stat. 1997, 25, 553–576. [Google Scholar] [CrossRef]
- Shayegan, M.J.; Sabor, H.R.; Uddin, M.; Chen, C.-L. A collective anomaly detection technique to detect crypto wallet frauds on Bitcoin network. Symmetry 2022, 14, 328. [Google Scholar] [CrossRef]
- Kondor, D.; Posfai, M.; Csabai, I.; Vattay, G. Do the rich get richer? An empirical analysis of the Bitcoin transaction network. PLoS ONE 2014, 9, e86197. [Google Scholar] [CrossRef] [PubMed]
- Kampers, O.; Qahtan, A.; Mathur, S.; Velegrakis, Y. Manipulation detection in cryptocurrency markets: An anomaly and change detection based approach. In Proceedings of the 37th ACM/SIGAPP Symposium on Applied Computing (SAC ‘22), Virtual Event, 25–29 April 2022; pp. 326–329. [Google Scholar]
- Qahtan, A.; Zhang, X.; Wang, S. Efficient estimation of dynamic density functions with an application to outlier detection. In Proceedings of the 21st ACM International Conference on Information and Knowledge Management (CIKM 12), Maui, HI, USA, 29 October–2 November 2012; pp. 2159–2163. [Google Scholar]
- Henderson, K.; Gallagher, B.; Eliassi-Rad, T.; Tong, H.; Basu, S.; Akoglu, L.; Koutra, D.; Faloutsos, C.; Li, L. RolX: Structural role extraction and mining in large graphs. In Proceedings of the 18th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining (KDD ‘12), Beijing China, 12–16 August 2012; pp. 1231–1239. [Google Scholar]
- Hirshman, Y.; Huang, S.; Macke, S. Unsupervised Approaches to Detecting Anomalous Behavior in the Bitcoin Transaction Network. Technical Report, Stanford University 2013, cs229.stanford.edu. Available online: https://cs229.stanford.edu/proj2013/ (accessed on 15 January 2024).
- Wallet Explorer. Available online: https://www.walletexplorer.com (accessed on 3 March 2024).
- Shah, R.S.; Bhatia, A.; Gandhi, A.; Mathur, S. Bitcoin data analytics: Scalable techniques for transaction clustering and embedding generation. In Proceedings of the International Conference on Communication Systems & Networks (COMSNETS ‘21), Bangalore, India, 5–9 January 2021; pp. 1–8. [Google Scholar]
- Frost, N.; Moshkovitz, M.; Rashtchian, C. Exkmc: Expanding explainable k-means clustering. arXiv 2020, arXiv:2006.02399v2. [Google Scholar]
- Blockchain Charts. Available online: https://www.blockchain.com/explorer/charts (accessed on 2 March 2024).
- Saravanan, R.; Sreeparvathy, V.S.; Santhiya, S.; Shalini, K. Comparative study analysis of machine learning algorithms for anomaly detection in blockchain. In Proceedings of the International Conference on Distributed Computing and Electrical Circuits and Electronics (ICDCECE ’23), Ballar, India, 29–30 April 2023; pp. 1–6. [Google Scholar]
- Sun, H.; Ruan, N.; Liu, H. Ethereum analysis via node clustering. Lect. Notes Comput. Sci. 2019, 11928, 114–129. [Google Scholar]
- Zhang, X.; Li, G.; Wang, Y. GAN-based abnormal transaction detection in Bitcoin. In Proceedings of the 7th IEEE International Conference on Smart Cloud (SmartCloud), Shanghai, China, 8–10 October 2022; pp. 157–162. [Google Scholar]
- Agarwal, R.; Thapliyal, T.; Shukla, S.K. Vulnerability and transaction behavior based detection of malicious smart contracts. Lect. Notes Comput. Sci. 2022, 13172, 79–96. [Google Scholar]
- Dingman, W.; Cohen, A.; Ferrara, N.; Lynch, A.; Jasinski, P.; Black, P.E.; Deng, L. Defects and vulnerabilities in smart contracts, a classification using the NIST bugs framework. Int. J. Networked Distrib. Comput. 2019, 7, 121–132. [Google Scholar] [CrossRef]
- Agarwal, R.; Kumar, A.; Singh, A.K. Detecting malicious accounts in permissionless blockchains using temporal graph properties. Appl. Netw. Sci. 2021, 6, 9. [Google Scholar] [CrossRef]
- Baek, H.; Oh, J.; Kim, C.Y.; Lee, K. A model for detecting cryptocurrency transactions with discernible purpose. In Proceedings of the 11th International Conference on Ubiquitous and Future Networks (ICUFN), Zagreb, Croatia, 2–5 July 2019; pp. 713–717. [Google Scholar]
- Binance. Available online: https://www.binance.com/ (accessed on 4 October 2023).
- Bartoletti, M.; Carta, S.; Cimoli, T.; Saia, R. Dissecting Ponzi schemes on Ethereum: Identification, analysis, and impact. Future Gener. Comput. Syst. 2020, 102, 259–277. [Google Scholar] [CrossRef]
- Bartoletti, M.; Pes, B.; Serusi, S. Data mining for detecting Bitcoin Ponzi schemes. In Proceedings of the Crypto Valley Conference on Blockchain Technology (CVCBT), Zug, Switzerland, 20–22 June 2018; pp. 75–84. [Google Scholar]
- Reddit. Available online: https://www.reddit.com/ (accessed on 12 January 2024).
- Bitcointalk. Available online: https://bitcointalk.org/ (accessed on 12 January 2024).
- Elliptic Data Set. Available online: https://www.kaggle.com/ellipticco/elliptic-data-set (accessed on 1 November 2023).
- Boughaci, D.; Alkhawaldeh, A.A.K. Enhancing the security of financial transactions in Blockchain by using machine learning techniques: Towards a sophisticated security tool for banking and finance. In Proceedings of the 1st International Conference of Smart Systems and Emerging Technologies (SMARTTECH), Riyadh, Saudi Arabia, 3–5 November 2020; pp. 110–115. [Google Scholar]
- Rabieinejad, E.; Yazdinejad, A.; Parizi, R.M.; Dehghantanha, A. Generative adversarial networks for cyber threat hunting in Ethereum blockchain. Distrib. Ledger Technol. Res. Pract. 2023, 2, 1–19. [Google Scholar] [CrossRef]
- Lorenz, J.; Silva, M.I.; Aparicio, D.; Ascensao, J.T.; Bizarro, P. Machine learning methods to detect money laundering in the Bitcoin blockchain in the presence of label scarcity. arxiv 2020, arXiv:2005.14635. [Google Scholar]
- Weber, M.; Domeniconi, G.; Chen, J.; Weidele, D.K.I.; Bellei, B.; Robinson, T.; Leiserson, C.E. Anti-money laundering in bitcoin: Experimenting with graph convolutional networks for financial forensics. arXiv 2019, arXiv:1908.02591. [Google Scholar]
- Settles, B. Active Learning Literature Survey. Computer Sciences Technical Report 1648, University of Wisconsin–Madison. 2009. Available online: https://minds.wisconsin.edu/handle/1793/60660 (accessed on 25 November 2023).
- Farrugia, S.; Ellul, J.; Azzopardi, G. Detection of illicit accounts over the Ethereum blockchain. Expert Syst. Appl. 2020, 150, 113318. [Google Scholar] [CrossRef]
- Chen, T.; Zhu, Y.; Li, Z.; Chen, J.; Li, X.; Luo, X.; Lin, X.; Zhange, X. Understanding Ethereum via graph analysis. In Proceedings of the IEEE Conference on Computer Communications (IEEE INFOCOM ’18), Honolulu, HI, USA, 16–19 April 2018; pp. 1484–1492. [Google Scholar]
- Sachan, R.K.; Agarwal, R.; Shukla, S.K. DNS based in-browser cryptojacking detection. arXiv 2022, arXiv:2205.04685v1. [Google Scholar]
- Agarwal, R.; Thapliyal, T.; Shukla, S. Analyzing malicious activities and detecting adversarial behavior in cryptocurrency based permissionless blockchains: An Ethereum usecase. Distrib. Ledger Technol. Res. Pract. 2022, 1, 8. [Google Scholar] [CrossRef]
- Agarwal, R.; Thapliyal, T.; Shukla, S. Detecting malicious accounts showing adversarial behavior in permissionless blockchains. arXiv 2021, arXiv:2101.11915v. [Google Scholar]
- Kumar, K.; Bhushan, B. Augmenting cybersecurity and fraud detection using artificial intelligence advancements. In Proceedings of the 4th International Conference on Computing, Communication, and Intelligent Systems (ICCCIS), Greater Noida, India, 3–4 November 2023; pp. 1207–1212. [Google Scholar]
- Gad, A.G.; Mosa, D.T.; Abualigah, L.; Abohany, A.A. Emerging trends in blockchain technology and applications: A review and outlook. J. King Saud Univ. Comput. Inf. Sci. 2022, 34, 6719–6742. [Google Scholar] [CrossRef]
- Jha, R.K. Challenges of effective decision making in decentralized autonomous organizations (DAOs). World J. Res. Rev. 2023, 17, 18–25. [Google Scholar]
- Buck, C.; Olenberger, C.; Schweizer, A.; Volter, F.; Eymann, T. Never trust, always verify: A multivocal literature review on current knowledge and research gaps of zero-trust. Comput. Secur. 2021, 110, 102436. [Google Scholar] [CrossRef]
- Lu, L.; Han, J.; Liu, Y.; Hu, L.; Huai, J.-P.; Ni, L.; Ma, J. Pseudo Trust: Zero-knowledge authentication in anonymous P2Ps. IEEE Trans. Parallel Distrib. Syst. 2008, 19, 1325–1337. [Google Scholar] [CrossRef]
- Arazzi, M.; Nicolazzo, S.; Nocera, A. A fully privacy-preserving solution for anomaly detection in IoT using federated learning and homomorphic encryption. Inf. Syst. Front. 2023. [Google Scholar] [CrossRef]
- Bernabe, J.B.; Canovas, J.L.; Hernandez-Ramos, J.L.; Moreno, R.T.; Skarmeta, A. Privacy-preserving solutions for blockchain: Review and challenges. IEEE Access 2019, 7, 164908. [Google Scholar] [CrossRef]
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content. |
© 2024 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Share and Cite
Cholevas, C.; Angeli, E.; Sereti, Z.; Mavrikos, E.; Tsekouras, G.E. Anomaly Detection in Blockchain Networks Using Unsupervised Learning: A Survey. Algorithms 2024, 17, 201. https://doi.org/10.3390/a17050201
Cholevas C, Angeli E, Sereti Z, Mavrikos E, Tsekouras GE. Anomaly Detection in Blockchain Networks Using Unsupervised Learning: A Survey. Algorithms. 2024; 17(5):201. https://doi.org/10.3390/a17050201
Chicago/Turabian StyleCholevas, Christos, Eftychia Angeli, Zacharoula Sereti, Emmanouil Mavrikos, and George E. Tsekouras. 2024. "Anomaly Detection in Blockchain Networks Using Unsupervised Learning: A Survey" Algorithms 17, no. 5: 201. https://doi.org/10.3390/a17050201
APA StyleCholevas, C., Angeli, E., Sereti, Z., Mavrikos, E., & Tsekouras, G. E. (2024). Anomaly Detection in Blockchain Networks Using Unsupervised Learning: A Survey. Algorithms, 17(5), 201. https://doi.org/10.3390/a17050201